WinRAR aeration elder has a major vulnerability that hackers can be malicious programs implanted in the boot process-vulnerability warning-the black bar safety net

Foreign security agencies to Check Point disclosed that of the famous compression software WinRAR the presence of a elder level of security vulnerability once used by hackers, hackers could a malicious app implant user’s computer by a boot program, the vulnerability in 2005 already exists.
WinRAR is the Windows platform on the most well-known decompression software which can decompress RAR, ZIP, 7z, ACE, etc. a variety of compression format of the software. Currently the software’s official website referred to in the world there are more than 5 million users.
Chick Point security team using WinAEL fuzzing tool to detect the WinRAR security vulnerabilities, a total of find out CVE-2018-20250, CVE-2018-20251, CVE-2018-20252, CVE-2018-20253, etc. 4 security vulnerabilities, these security vulnerabilities the first three are related to the ACE compression format related, the other one is out of bounds write vulnerability.
Researchers said, used to parse the ACE document unacev2. dll exists a directory traversal vulnerability that allows an attacker will compressed document unzip to any directory, completely ignore the target folder of the various restrictions. The attacker only need to create a new ACE compressed file, and induce users turned on, this can be a malicious app through the directory traversal vulnerability to put into Windows startup file, the system once started, the malicious program will run automatically.
Since WinRAR for unpack the ACE the document unacev2. dll is developed by a third party, from the beginning of 2005, this third-party library is no longer updated, WinRAR official also unable to obtain the source code, WinRAR decided to give up on this format of support. In the future the launch of WinRAR 5.7 version, the ACE format support will officially stop.